108 matches found
MiracleLinux 4 : php-5.3.3-50.AXS4 (AXSA:2019-4373:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4373:01 advisory. php: underflow in envpathinfo in fpmmain.c CVE-2019-11043 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 7 : php-5.4.16-46.1.0.1.el7.AXS7 (AXSA:2019-4396:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4396:02 advisory. php: underflow in envpathinfo in fpmmain.c CVE-2019-11043 Tenable has extracted the preceding description block directly from the MiracleLinux security...
RHEL 7 : rh-php71-php (RHSA-2019:3300)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3300 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: underflow in envpathinfo in fpmmain.c...
Rocky Linux 8 : php:7.2 (RLSA-2019:3735)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2019:3735 advisory. - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to writ...
Rocky Linux 8 : php:7.3 (RLSA-2019:3736)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2019:3736 advisory. - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to writ...
K75408500: PHP FPM vulnerability CVE-2019-11043
Security Advisory Description In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of...
Ubuntu: Security Advisory (USN-4166-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
QNAP QTS RCE Vulnerability (QSA-22-20)
QNAP QTS is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts";...
QNAP QuTS hero RCE Vulnerability (QSA-22-20)
QNAP QuTS hero is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Exploit for Out-of-bounds Write in Php
This is an exploit module for a bug in php-fpm CVE-2019-11043. The exploit targets a vulnerability in certain nginx + php-fpm configurations, allowing a web user to execute code if the configuration is vulnerable. The exploit works by appending a specially crafted URL to the web server, which...
openSUSE 15 Security Update : php7 (openSUSE-SU-2021:1130-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1130-1 advisory. - Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain...
openSUSE 15 Security Update : php7 (openSUSE-SU-2021:2575-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2575-1 advisory. - Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain...
SUSE: Security Advisory (SUSE-SU-2019:2809-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:2909-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:2819-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Virtuozzo 6 : php / php-bcmath / php-cli / php-common / php-dba / etc (VZLSA-2019-3287)
An update for php is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Exploit for Out-of-bounds Write in Php
PoC exploit for CVE-2019-11043, an exploit for a bug in php-fpm. The exploit targets a vulnerability in certain nginx + php-fpm configurations, allowing a web user to execute code if the configuration is vulnerable. The exploit assumes that the nginx configuration has a location block that forwar...
Exploit for Out-of-bounds Write in Php
It is an exploit module for CVE-2019-11043. The target product/service is Apache Log4j, and the vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the JNDI exploit, which is a known vulnerability in Log4j. Notable dependencies/tooling include the Apache Log4j...
Exploit for Out-of-bounds Write in Php
CVE-2019-11043 PHP-FPM Remote Code Execution Screencast: htt...
About the security content of macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...